RT/krbdev.mit.edu: Ticket #7135 gssapi mechanism glue dlcloses objects potentially after they are already unloaded




 Keyword Selections  
  • nochange

Referred to by:
  • 7947: (ghudson) Load plugins with RTLD_NODELETE if possible [resolved]
Created: Wed May 16 20:42:00 2012
Starts: Not set
Started: Sun Dec 25 00:40:19 2016
Last Contact: Thu Jun 26 11:11:31 2014
Due: Not set
Updated: Sun Dec 25 00:40:31 2016 by ghudson


History
      Wed May 16 20:42:00 2012  hartmans@debian.org - Ticket created    
From: Sam Hartman <hartmans@debian.org>
To: krb5-bugs@MIT.EDU
Subject: gssapi mechanism glue dlcloses objects potentially after they are already unloaded
Date: Wed, 16 May 2012 20:41:37 -0400
CC: hartmans@MIT.EDU

moonshot has consistently gotten a linker error on Linux at process exit
time. I traced it with a debugger today and figured out what seems to be
going on.

exit calls the library finalization functions for loaded libraries.
That calls gssint_mechglue_fini.  If PROGRAM_EXITING() returns false
(which it always does) that calls freeMechList() which indirectly calls
dlclose on loaded objects.
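
The call chain described above can be modelled with a small sketch. This is not the krb5 source: PROGRAM_EXITING() is defined here as a constant false only because the ticket says it always returns false, and every demo_* name is a hypothetical stand-in (demo_mechglue_fini for gssint_mechglue_fini, demo_free_mech_list for freeMechList, demo_dlclose for dlclose).

```c
#include <stdbool.h>
#include <stddef.h>

/* Assumption taken from the ticket text: this check is always false. */
#define PROGRAM_EXITING() false

/* Hypothetical stand-in for one loaded mechanism. */
struct demo_mech {
    const char *name;
    bool loaded;
};

/* Counts how often the stand-in for dlclose() was invoked. */
int demo_close_calls = 0;

/* Stand-in for dlclose(): records the call instead of unloading anything. */
void demo_dlclose(struct demo_mech *m)
{
    m->loaded = false;
    demo_close_calls++;
}

/* Plays the role of freeMechList(): closes every loaded mechanism. */
void demo_free_mech_list(struct demo_mech *list, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (list[i].loaded)
            demo_dlclose(&list[i]);
    }
}

/* Plays the role of gssint_mechglue_fini(), run as a library finalizer. */
void demo_mechglue_fini(struct demo_mech *list, size_t n)
{
    if (PROGRAM_EXITING())
        return; /* never taken while the macro is a constant false */
    demo_free_mech_list(list, n);
}
```

Because the guard never fires, the finalizer closes every mechanism even at process exit, including one the linker has already finalized.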

Unfortunately, moonshot depends circularly on libgssapi_krb5. The linker
chooses to break this dependency by finalizing moonshot first.
Then when we call dlclose, we get:

Inconsistency detected by ld.so: dl-close.c: 743: _dl_close: Assertion
`map->l_init_called' failed!

This is arguably a linker bug.

A few observations:

1) It would be nice to have a better definition of PROGRAM_EXITING for
glibc platforms.

2) There are reasonably good reasons for GSS mechanisms to call into
libgssapi_krb5 even though they are loaded by it.

Finally, I suspect that gssint_mechglue_fini may tend to be useless if a
mechanism that calls into the mechglue is loaded.  Consider what
happens.  The case where fini matters is the one where the gss library
would like to be unloaded.  So, an application dlopens a plugin that
loads gssapi_krb5.  That eventually opens moonshot, which creates a
second reference to libgssapi_krb5.

The application dlcloses the plugin, removing one reference to
libgssapi_krb5.  The linker really needs to garbage collect or otherwise
walk the graph in order to determine that it can get rid of the
moonshot-gssapi subgraph.  So on Linux, it looks a lot like this code
crashes at process exit and is likely to be useless otherwise.
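
The reference cycle in this scenario can be illustrated with a toy model of plain reference counting. It is only a sketch under that assumption and does not reproduce the dynamic linker's actual bookkeeping; the demo_* names are hypothetical.

```c
#include <stddef.h>

/* Toy object with a reference count and at most one dependency. */
struct demo_obj {
    const char *name;
    int refs;
    struct demo_obj *dep;
};

/* Take one reference to obj. */
void demo_ref(struct demo_obj *obj)
{
    obj->refs++;
}

/* Drop one reference; at zero, "unload" obj and release its dependency. */
void demo_unref(struct demo_obj *obj)
{
    if (obj == NULL || obj->refs == 0)
        return;
    if (--obj->refs == 0)
        demo_unref(obj->dep);
}

/* Returns the count left on libgssapi_krb5 after the plugin is closed. */
int demo_cycle_refs_after_close(void)
{
    struct demo_obj gss = { "libgssapi_krb5", 0, NULL };
    struct demo_obj moonshot = { "moonshot", 0, &gss };
    struct demo_obj plugin = { "plugin", 0, &gss };

    demo_ref(&plugin);   /* application dlopens the plugin */
    demo_ref(&gss);      /* plugin pulls in libgssapi_krb5 */
    gss.dep = &moonshot;
    demo_ref(&moonshot); /* libgssapi_krb5 loads moonshot */
    demo_ref(&gss);      /* moonshot refers back to libgssapi_krb5 */

    demo_unref(&plugin); /* application dlcloses the plugin */
    return gss.refs;
}
```

In this model the count on libgssapi_krb5 never reaches zero after the plugin is closed, because moonshot still holds a reference and is itself kept alive by libgssapi_krb5. Counting alone cannot release the pair; something has to walk the graph.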

      Thu Jun 26 11:11:31 2014  ghudson - Correspondence added    
We decided to start using RTLD_NODELETE when loading plugin modules,
mostly for OpenSSL-related reasons.  I think that should fix this
problem; I would be interested in test results.

Of course, this change also makes it even more pointless to dlclose() GSS
modules from the libgssapi_krb5 finalizer.  But we need to at least free
the struct plugin_file_handle to avoid a memory leak on repeated loading
and unloading of libgssapi_krb5, and there is also Windows to consider.
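
A minimal sketch of the idea in this comment, assuming a POSIX dlopen() interface: add RTLD_NODELETE when the platform defines it, and always free the wrapper structure on close. The demo_plugin_handle type and both functions are hypothetical; the real struct plugin_file_handle and the krb5 plugin loader may look quite different.

```c
#include <dlfcn.h>
#include <stdlib.h>

/* Hypothetical wrapper; the real struct plugin_file_handle may differ. */
struct demo_plugin_handle {
    void *dlhandle;
};

/* Open a module, keeping it resident if RTLD_NODELETE is available. */
struct demo_plugin_handle *demo_plugin_open(const char *path)
{
    struct demo_plugin_handle *h = calloc(1, sizeof(*h));
    int flags = RTLD_NOW;

    if (h == NULL)
        return NULL;
#ifdef RTLD_NODELETE
    flags |= RTLD_NODELETE; /* the object stays mapped after dlclose() */
#endif
    h->dlhandle = dlopen(path, flags);
    if (h->dlhandle == NULL) {
        free(h);
        return NULL;
    }
    return h;
}

/* Release the wrapper in every case so repeated load/unload does not leak. */
void demo_plugin_close(struct demo_plugin_handle *h)
{
    if (h == NULL)
        return;
    if (h->dlhandle != NULL)
        dlclose(h->dlhandle);
    free(h);
}
```

On older glibc releases a program using these calls may need to link with -ldl.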

      Sun Dec 25 00:40:19 2016  ghudson - Status changed from new to resolved    
      Sun Dec 25 00:40:19 2016  ghudson - Comments added    
The RTLD_NODELETE change (ticket 7947) does not appear to solve this
problem; in fact, it's possible that it makes it manifest under
different circumstances.

However, the upstream glibc bug has now been fixed.  References:


      Sun Dec 25 00:40:31 2016  ghudson - Tags nochange added